Open main menu

Changes

740 bytes added ,  02:27, 8 June 2020
**Hardware attack - Remove Flash Memory and read directly (possibly encrypted)
Initially the radio was opened and wires were soldered to some test points and a port of interest an interesting PCB footprint that I suspected was JTAG as seen in the video below.
<youtube width="320" height="240">EZP2DVU9IvQ</youtube>
 
There is also a serial port labeled SCTX and SCRX, both of these lines appear to be transmit only from the top CPU board down to the bottom transceiver board. As the radio is tuned from one frequency to another the SCRX line has a lot of activity, when the transmitter is keyed up the SCTX line has activity. Here is a sample of what is seen on the SCRX line.
{| class="wikitable mw-collapsible mw-collapsed"
|+
!SCRX
|-
|J0000
|-
|K0000
|-
|G0283
|-
|`0
|-
|G1283
|-
|B06EE14
|-
|B0A03CE
|-
|B0C0028
|-
|B11E960
|-
|B180000
|-
|B140000
|-
|B1C2812
|-
|B200018
|-
|B280A68
|-
|G;7:3
|-
|K1900
|-
|a7:6
|-
|B1C2C12
|-
|B140000
|-
|B1C2812
|-
|B200018
|-
|B280A68
|-
|F41
|-
|J01
|-
|G;7:3
|-
|`0
|}
====Understand how the radio works====